Adds SRI To Remote Scripts

Open moebrowne opened this issue 4 years ago • 2 comments

This PR adds SRI attributes and an explicit https protocol to remote assets

moebrowne avatar Oct 08 '20 20:10 moebrowne

Thanks for the PR. Can you add a small note to the commit message on how you generated the hashes?

Also, for my understanding, is the addition of https a must here? When running locally, the website isn't behind SSL so I wonder if that'll cause some browser warnings.

idank avatar Oct 10 '20 15:10 idank

I'm afraid I have deleted my fork so won't be able to update the commit message. If it is important I'm happy to open another PR.

The https protocol isn't required for SRI to work. You will only get browser warnings if you try to load http:// resources on an https:// page so your local and production environments won't be negatively affected.

moebrowne avatar Oct 12 '20 18:10 moebrowne

https://www.srihash.org/ has a convenient hash calculator (generates a whole tag) and also instructions on how to compute hashes locally:

> curl --silent https://cdnjs.cloudflare.com/ajax/libs/font-awesome/3.2.1/css/font-awesome.min.css | openssl dgst -sha384 -binary - | base64
5WSMKsEjlK1hO/E+0ERtEmsujy8NFgEb15UOB5phg+1xk2zTO0Dd71qJ+7yD1QFN

The results match the hashes added here :heavy_check_mark:

I tested this PR locally, http://localhost:5000/ loads with no errors, looks the same, in particular the "explainshell" logo still renders in Berkshire Swash font :heavy_check_mark:

cben avatar Feb 21 '24 17:02 cben
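
The hash check from the comment above, extended to audit every remote `<script>` and `<link>` in a template for an explicit `https://` URL and a matching `integrity` value. This is an added example, not code from the PR or from explainshell; the function names, the `cdn.example` URLs and the asset bodies are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

ALGOS = ("sha256", "sha384", "sha512")  # SRI hash functions, weakest to strongest

def sri_value(data, algo="sha384"):
    """Same digest as `openssl dgst -sha384 -binary | base64`, plus the algorithm prefix."""
    return algo + "-" + base64.b64encode(hashlib.new(algo, data).digest()).decode()

def integrity_matches(data, integrity):
    """Browser rule: only the strongest algorithm listed counts; any of its hashes may match."""
    tokens = [t.split("?")[0] for t in integrity.split() if t.split("-")[0] in ALGOS]
    if not tokens:
        return False  # nothing usable to pin against: report it as a finding
    best = max((t.split("-")[0] for t in tokens), key=ALGOS.index)
    return any(t == sri_value(data, best) for t in tokens if t.startswith(best + "-"))

class RemoteAssets(HTMLParser):  # collects (url, integrity) per remote <script>/<link>
    def __init__(self):
        super().__init__()
        self.assets = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get({"script": "src", "link": "href"}.get(tag, ""))
        if url and url.startswith(("http://", "https://", "//")):
            self.assets.append((url, attrs.get("integrity")))

def audit(html, fetched):
    """Map each remote asset URL to ok / mismatch / no-integrity / not-https."""
    parser = RemoteAssets()
    parser.feed(html)
    report = {}
    for url, integrity in parser.assets:
        if not url.startswith("https://"):
            report[url] = "not-https"  # includes protocol-relative //host/path URLs
        elif not integrity:
            report[url] = "no-integrity"
        else:
            report[url] = "ok" if integrity_matches(fetched[url], integrity) else "mismatch"
    return report

# Constructed sample: hypothetical cdn.example URLs and made-up asset bodies.
FETCHED = {"https://cdn.example/a.js": b"alert(1)", "https://cdn.example/b.css": b"body{}"}
SAMPLE_HTML = (
    f'<script src="https://cdn.example/a.js" integrity="{sri_value(b"alert(1)")}"></script>'
    f'<link href="https://cdn.example/b.css" integrity="{sri_value(b"tampered")}">'
    '<script src="//cdn.example/c.js"></script>'
)
print(audit(SAMPLE_HTML, FETCHED))
```

In real use `fetched` would hold the bytes downloaded from each URL, for example with the `curl` command quoted above.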

It won't let me merge here, I think because the author got rid of their fork. Closing.

idank avatar Feb 21 '24 19:02 idank